Update ghcr.io/miniflux/miniflux Docker tag to v2.2.17 #651

Merged
AverageMarcus merged 1 commit from renovate/ghcr.io-miniflux-miniflux-2.x into master 2026-02-15 09:18:45 +00:00

This PR contains the following updates:

Package | Update | Change
ghcr.io/miniflux/miniflux (source) | patch | 2.2.16 → 2.2.17

Release Notes

miniflux/v2 (ghcr.io/miniflux/miniflux)

v2.2.17: Miniflux 2.2.17

Compare Source

Security
  • Do not expose the Miniflux version on unauthenticated endpoints (deprecated since version 2.0.49).
  • Improve HTML sanitizer by switching from the tokenizer to the golang.org/x/net/html parser to better match browser behavior and reduce the risk of injection issues.
  • Enforce blocked resource checks on srcset URLs.
  • Improve blocked resource handling (including updates to blocked URL substrings).
  • Add validation for TRUSTED_REVERSE_PROXY_NETWORKS configuration to prevent silent misconfiguration.
  • Prevent possible deadlock when cleaning removed entries.
  • Ensure HTTP response bodies are always closed, even on client errors.
Improvements
  • Rewrite srcset parser to follow HTML specifications (WebKit-style parsing) and handle edge cases more correctly.

  • Improve sanitizer performance (various optimizations, including reduced allocations and better attribute handling).

  • Handle deeply nested HTML more robustly in the sanitizer.

  • Add scraper and rewrite rules for:

    • bleepingcomputer.com
    • vnexpress.net
  • Improve JSON Feed support:

    • Support malformed feeds with author objects in the authors array.
    • Avoid panic when parsing null feeds.
    • Improve title fallback logic.
    • Include external_url in JSON entry hash fallback.
  • Ignore WordPress wp-json API endpoint during JSON feed discovery.

  • Add unread status filter to search results.

  • Improve timezone handling internals and performance.

  • Improve API payload structures and Godoc comments.

  • Improve JavaScript code readability and keyboard shortcut handling.

  • Restore cmd/ctrl/shift-click behavior on main navigation.

  • Fix Safari PWA behavior for the v shortcut to open links in the main browser.

Bug Fixes
  • Do not keep old enclosures when an updated entry has none.
  • Handle sql.ErrNoRows properly in IconByFeedID.
  • Change FindRemoteIP to fall back to 127.0.0.1.
Configuration Changes
  • Removed FILTER_ENTRY_MAX_AGE_DAYS.
    This option can be replaced with a filter rule such as max-age:<duration>.
    Global environment variables should be reserved for process-level configuration.
Dependencies
  • Update github.com/lib/pq to 1.11.2.

  • Update:

    • golang.org/x/net to 0.50.0
    • golang.org/x/crypto to 0.48.0
    • golang.org/x/image to 0.36.0
    • golang.org/x/oauth2 to 0.35.0
    • golang.org/x/term to 0.40.0
  • Update Debian packager Docker image to Trixie.


As always, thank you to all contributors who helped improve Miniflux in this release.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

renovate added 1 commit 2026-02-14 03:16:47 +00:00
AverageMarcus merged commit 8956c5140c into master 2026-02-15 09:18:45 +00:00
AverageMarcus deleted branch renovate/ghcr.io-miniflux-miniflux-2.x 2026-02-15 09:18:46 +00:00

Reference: AverageMarcus/cluster.fun#651